Nikos Mavrogiannopoulos nmav at
Tue Aug 4 18:41:51 CEST 2009

Simon Josefsson wrote:

>>>>    return 0;
>>>>  }
>>> Hi Nikos -- this code crashed the self-tests, but I fixed that.
>>> However, isn't this the wrong way to address the real problem?  It seems
>>> callers of the function should be fixed to be careful not to assume
>>> decoded data does not contain NULs?
>> A null byte there is really malicious (why would a string contain a null
>> byte?).
> The standards permit it...

To be precise it is only allowed if a the string is tagged as ia5String.
Other types do not allow null.

More information about the Gnutls-devel mailing list